According to the researcher, NUUO NVRmini 2 and NVRsolo versions 1.0.0 to 3.0.0 contain hard-coded credentials. An attacker with knowledge of these credentials may log into affected devices with root privileges.